Secure Your Project with the SIG Release Supply Chain Kit
May 01, 2023
30 min
Free
supply-chain-security
sbom
slsa
container-signing
github-actions
ci-cd
kubernetes
release-engineering
provenance
cosign
sigstore
software-supply-chain
Description
This talk explores the SIG Release Supply Chain Kit, a toolkit developed by Kubernetes SIG Release to enhance the security of software supply chains. The presenters showcase how these tools, including SBOM generation, signed provenance attestations, and signed container images, can be used to secure any project, not just Kubernetes. Examples of using the toolkit with GitHub Actions for building and signing artifacts are demonstrated, highlighting the benefits of transparency and security in the release process.